DynDNS for Private IP
-
For what possible reason would you need to resolve a private IP publicly for - you sure and the hell can not route it anywhere.
If you want to resolve a private IP, then you resolve it locally..
-
For what possible reason would you need to resolve a private IP publicly for - you sure and the hell can not route it anywhere.
If you want to resolve a private IP, then you resolve it locally..
How can I do?
I must change codes, do I?
-
huh? Dude I am not going to help you put rfc1918 space into a public dns.. It's BROKEN setup..
You can dynamically register your devices' local private IPs with your local dns..
-
I think we're talking about different things.
My pfsense's WAN interface ip is 192.168.1.100.
My subdomain test.domain.com at freedns
I want this: test.domain.com = 192.168.1.100 with Dynamic DNS updates.
Can I do it with Custom service or I must write a php script and add it cron?
-
"I want this: test.domain.com = 192.168.1.100 with Dynamic DNS updates."
And that is BROKEN!!! Why would you want or need such a thing?? You can not get to 192.168.1.100 from anywhere other than your local network. So registering that in freedns or any other public dns dyn or not is completely POINTLESS and a BROKEN setup..
What you want is for your actual public IP… Go to what's my public IP and see what that is, that is the IP address you want to publish, so when you're away from your network or need for someone to connect to pfsense they would use your actual public IP..
-
It's not broken setup. You don't answer my question, you offer a different thing.
I want to use private ip on public dns. I know what I want. I do not know how I can do.
-
"I want to use private ip on public dns."
And that is BROKEN!!! There is NO Point in doing that - NONE!!! Please give example how it makes sense for public dns to resolve to a private IP address… There isn't any!! There is NO point for anyone other than your local machines to resolve that IP.. So using your local dns you resolve it..
Public domains responding with rfc1918 address is how rebinding attacks work - are you wanting to do a rebinding attack?
-
If I don't use local DNS?
-
And why is that? pfsense can be dns, any soho router can be dns.. So put that 192.168.1.100 in your host file then..
Public dns is not the place for rfc1918 address space.. Pfsense runs unbound in resolver mode out of the box - why would you turn it off?
-
I have also the need to update a ddns with a private IP.
Why? Because my PBX needs to know which is the current IP for my private link between my pfsense and my ISP, for SIP-NAT purposes.
The link uses a dynamic private IP address, so anytime my provider changes my pfsense's private IP, I have to go to PBX settings and update it manually.
DDNS for private IP addresses is not broken, if you just didn't find a use for it doesn't mean it's not needed for some of us.
-
@gabrielpc1190 said in DynDNS for Private IP:
, if you just didn't find a use for it doesn't mean it's not needed for some of us
You're DOING it WRONG!!! Period!!! Plain and simple there is ZERO reason ever to do this at an enterprise level... If you are doing it to access your plex server or something.. sure ok.. but that is not in public dns, that is in a private domain plex.direct that only plex users use, etc..
And even then for that to work, the local network has to disable rebind attacks for that domain or it doesn't work!!
Your local clients can resolve rfc1918 just fine... But don't expect public ddns to allow for rfc1918 - since that leads to rebind attacks..
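Added example, not part of the original posts and not pfSense or unbound code: a simplified Python model of the rebind check a local resolver applies to upstream answers, dropping private addresses unless the domain is explicitly exempted. The allowlist, function names and the sample plex.direct hostname are assumptions made for the illustration; it also covers loopback, link-local and IPv4-mapped IPv6, which goes beyond the RFC 1918 case discussed in this thread.

```python
import ipaddress

# Domains allowed to answer with private addresses (assumption for this
# example; plex.direct is the exemption mentioned in the thread).
PRIVATE_OK = {"plex.direct"}


def is_internal(addr):
    """True if addr must never be accepted from a public DNS answer."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.5) so it cannot slip past.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback
            or ip.is_link_local or ip.is_unspecified)


def domain_allowed(qname, allowed=PRIVATE_OK):
    """Match on whole labels, so 'evilplex.direct' does not match."""
    name = qname.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in allowed)


def filter_answer(qname, addresses, allowed=PRIVATE_OK):
    """Return (verdict, kept_addresses) for an upstream A/AAAA answer."""
    if domain_allowed(qname, allowed):
        return "allowlisted", list(addresses)
    kept = [a for a in addresses if not is_internal(a)]
    if len(kept) != len(addresses):
        # At least one record pointed inside the LAN: strip it.
        return "rebind-blocked", kept
    return "ok", kept


# Constructed sample answers; the first is the lookup shown in this thread.
SAMPLES = [
    ("brithotelfumel.mooo.com", ["192.168.1.100"]),
    ("example.org", ["93.184.216.34"]),
    ("mixed.example.net", ["8.8.8.8", "::ffff:10.0.0.5"]),
    ("192-168-1-50.abcdef.plex.direct", ["192.168.1.50"]),
]

if __name__ == "__main__":
    for qname, addrs in SAMPLES:
        print(qname, filter_answer(qname, addrs))
```
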
-
@Resolute said in DynDNS for Private IP:
It's not broken setup. You don't answer my question, you offer a different thing.
I want to use private ip on public dns. I know what I want. I do not know how I can do.
You said your WAN address was 192.168.1.100. That's one of the RFC 1918 addresses, which are not routable over the Internet. Your ISP is using NAT to share public addresses with multiple users. This means it's impossible for anyone to reach your WAN. This also means there is no point in using dynamic DNS to point to it.
Your ISP is using NAT because of the shortage of IPv4 addresses. The only solution is for the world to move to IPv6. Anything else, such as NAT, is a hack that causes problems such as yours.
-
FreeDNS accepted my RFC 1918 ....
Let's check :
root@ns311465:~# host brithotelfumel.mooo.com
brithotelfumel.mooo.com has address 192.168.1.100
Oh ..... lol.
edit :
It can be done.
Look :
Up to you to write the file some_script_page_that_returns_the_RFC_1918_IP.php and place it in the webroot of the GUI.
Please note :
Your PHP script should return a phrase like this :
preg_match('=Current IP Address: (.*)</body>=siU', $ip_result_decoded, $matches);
Check for yourself : click on http://checkip.dyndns.org/ and see what is returned ^^
Found this :
// Use the first enabled check IP service as the default.
which means that your code will get used for all "IP checks" now. The default
http://checkip.dyndns.org
won't get used any more. Which implies : no more classic real non RFC 1819 any more. So you have to code a solution for this yourself.
So, it's as usual : yes, pfSense can even launch your nukes. As soon as YOU are able to tell him how to do so.
I can understand that the pfSense GUI doesn't support RFC 1819 type of IP's here as should cause problems in 99,9999 % of all cases.
-
@Gertjan Appreciate the test and useful information. You should be promoted to the highest level Moderator.
It's helpful to warn users away from RFC1918 on public DNS, provided it's not obstructive or failing to imagine non-standard use cases. BTW been doing DNS for 20 years and it's only "BROKEN!!" if it interferes with interoperability.
My fringe use case: embedded Linux devices in QA networks, which for "reasons" can't use a private DNS server. Probably some homelabs also. Having to run nmap across a bunch of network blocks gets really old, fast.
Anyways: thanks for the tip. https://freedns.afraid.org/